Malware in eFax messages continues

I saw more of this today (5/19/2015) from an IP address in a new range from Russia.

by CompanyV | Feb 25, 2015 |

The malware in the zip is a trojan downloader commonly referred to as Upatre.

This downloader will then probably download the next step, which is known as Dyre.

Dyre is a Zeus-like banking Trojan that tries to capture as much information about your online banking details as possible.

The malware will also send copies of itself to everyone else, using your copy of Outlook and your bandwidth.

When our mail servers detect a potential risk, the attachment is replaced with a text message:

WARNING: This e-mail has been altered by MIMEDefang. Following this
paragraph are indications of the actual changes made. For more
information about your site’s MIMEDefang policy, contact
CompanyV Mail Administrator . For more information about MIMEDefang, see:

http://www.roaringpenguin.com/mimedefang/enduser.php3

An attachment named fax_2342.zip was removed from this document as it
constituted a security hazard. If you require this document, please contact
the sender and arrange an alternate means of receiving it.
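
The replace-the-attachment step described above can be sketched with Python's standard `email` library. This is an added example, not MIMEDefang code and not CompanyV's actual policy. The rule it applies (a zip is a hazard if it holds a program-like file or cannot be read), the extension list, the function names and the sample message are all assumptions constructed for illustration.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed policy: extensions that should never arrive inside a zip attachment.
RISKY_EXTS = (".exe", ".scr", ".pif", ".com", ".js")
NOTICE = ("An attachment named {name} was removed from this document as it\n"
          "constituted a security hazard.\n")

def zip_is_risky(data: bytes) -> bool:
    """True if the archive holds a risky member or cannot be inspected."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(RISKY_EXTS) for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # fail closed: unreadable archives are treated as hazards

def defang(raw: bytes):
    """Return (cleaned message, names of the attachments that were replaced)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or ""
        if name.lower().endswith(".zip") and zip_is_risky(part.get_payload(decode=True)):
            part.clear()                                # drop headers and payload
            part.set_content(NOTICE.format(name=name))  # plain-text notice instead
            removed.append(name)
    return msg, removed

def build_sample() -> bytes:
    """Constructed sample: a fake fax notice whose zip holds a harmless stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_2342.scr", b"not a real program")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "fax@example.test", "user@example.test", "New fax"
    m.set_content("You have received a new fax.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="fax_2342.zip")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = defang(build_sample())
    print(removed, cleaned.as_string(), sep="\n")
```
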